Malicious code for software known as “CoinHive” was found in NHS websites
The North Korea-backed WannaCry attack last year exposed the vulnerability of the UK’s critical infrastructure to potential threats, and the news that government services have again been compromised deals a blow to public trust.
The bug was found by security researcher Scott Helme, who was alerted by a friend who sent him antivirus software warnings received after visiting a UK Government website.
Mr Helme found malicious code for software known as “CoinHive”, a program advertising itself as “A Crypto Miner for your Website”, which would run in the background until the webpage was closed.
Although no money was taken from users themselves, the mining code performed computationally intensive operations that were used to earn the cryptocurrency.
Mr Helme wrote to BrowseAloud’s developers on Twitter to alert them to the compromise. He said: “Hey @texthelp you’ve been compromised, you need to address this ASAP.”
TextHelp, BrowseAloud’s parent company, released a statement to Express.co.uk confirming that an affected file, “… used the computer’s CPUs to attempt to generate cryptocurrency. The exploit was active for a period of four hours on Sunday.”
In the hack, when someone logged on to their local NHS trust website to find out the opening times of their local clinic, the CoinHive program would start running in the background and use their own computer’s processing power to slowly mine cryptocurrency for CoinHive’s profit.
Not only is a hijack of government websites a massive violation of public trust, but the program drains processing power and could drive a home PC or Mac down to incredibly low performance levels.
Simon Townsend, CTO EMEA at Ivanti, told Express.co.uk this is really just another way criminals have found to make money. He adds that although the practice of “crypto-mining”, or “crypto-jacking”, is not specific to the NHS, the UK’s health service is an easy target.
Mr Townsend said: “Unlike the WannaCry attack which hit the NHS last year, or other similar ransomware attacks which have taken place recently, attacks like this don’t actually harm or steal any data from visitors to the websites nor the company hosting the sites.
“Instead, the combined power of machines helps the criminals mine more money, faster.
“Thousands of visitors can visit a website like the UK Government website which was hit by this attack, and all of them will unknowingly start mining money for the criminals.”
The NHS suffered after the WannaCry attack
Mr Townsend adds that the NHS was hit because too many old Windows XP and un-updated systems existed within the organisation.
WannaCry, he adds, like many other cyber-attacks, used a “vulnerability” within the NHS’s computer system that needed to be updated and fixed.
He said: “Ultimately, these attacks are successful because the NHS lacks the time, money and up-to-date systems which would protect them against being attacked.”
Andrew Douthwaite, VP Managed Services at VirtualArmour, told Express.co.uk he expects this attack on the NHS to be the first of many.
He said: “This method of thinking around how effective a ‘hack’ or ‘attack’ is becoming more common, we are not seeing individual sites or companies being targeted, but common services, or ancillary third party plugins being targeted.
“This gives the attackers a much wider audience to hit at once, the third party companies developing the add-ons or additional services are generally smaller than the companies using them and therefore can be less stringent with their QA and security. Another example of this approach was the huge DDoS attack on the DNS provider Dyn – taking down Twitter, Netflix, Spotify, to name but a few.”